freeradius and openssl exception
Nicolas Baradakis
nbk at sitadelle.com
Wed Jul 26 15:55:55 CEST 2006
Stephen Gran wrote:
> I'm sorry in advance if this is something that has already been discussed
> to death.
Indeed, it was discussed many times.
The OpenSSL advertising clause was also discussed a few months ago on
the openssl-users mailing list, and it seems unlikely they'll ever
change their licence.
http://marc.theaimsgroup.com/?l=openssl-users&m=114460613316150&w=2
> I have been googling around, and I do see some discussion about an openssl
> exception that took place in 2005, but I don't see any resolution, nor
> do I see any actual exception in COPYING. Is this something, first
> of all, that people are either interested in or amenable to? If so,
> has any progress been made?
In short: nothing has been done yet, but there's no strong objection
to the exception.
Speaking personally, I'd prefer a GnuTLS solution but I won't go against
everybody else.
> I ask all this because I recently took over comaintenance of the
> package for Debian, and there are several modules that we can't ship
> precompiled right now, as I understand it (eap being the most common,
> but for some reason postgres is also currently disabled - that needs
> seperate investigation).
The problem with the module rlm_sql_postgresql is the Debian package
libpq4 depends on libssl. A user installing freeradius-postgresql also
installs libssl through apt-get mechanism.
$ apt-cache show libpq4 | grep Depends
Depends: libc6 (>= 2.3.6-6), libcomerr2 (>= 1.33-3), libkrb53 (>= 1.4.2), libssl0.9.8 (>= 0.9.8b-1)
> If no progress has been made, I would be willing to do some of the
> leg work sending around a sort of form email to contributors asking
> for an exception, or whatever you all thought was the best way of
> handling this.
The PostgreSQL project has a pending patch for GnuTLS support, but I
don't know the status of this patch. (there is a problem with psqlODBC)
http://archives.postgresql.org/pgsql-general/2006-04/msg00977.php
When PostgreSQL completes their GnuTLS patch, it could be added
as a dpatch in the postgresql source package, so the PostgreSQL
client library doesn't depend on libssl anymore, and the
freeradius-postgresql package can enter the Debian archive.
--
Nicolas Baradakis
More information about the Freeradius-Devel
mailing list